From fc18b009de9b1f7c1e70ded6cb69aa94b985d09a Mon Sep 17 00:00:00 2001 From: Derek Jones Date: Wed, 25 Jun 2008 16:12:35 +0000 Subject: added a bit of leeway for images to avoid the more common false-positives that using xss_clean() on image files might trigger --- system/libraries/Input.php | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'system/libraries') diff --git a/system/libraries/Input.php b/system/libraries/Input.php index 783446aec..04b373e41 100644 --- a/system/libraries/Input.php +++ b/system/libraries/Input.php @@ -631,8 +631,17 @@ class CI_Input { * But it doesn't seem to pose a problem. * */ - $str = str_replace(array(''), array('<?php', '<?PHP', '<?', '?>'), $str); - + if ($is_image === TRUE) + { + // Images have a tendency to have the PHP short opening and closing tags every so often + // so we skip those and only do the long opening tags. + $str = str_replace(array(''), array('<?php', '<?PHP', '<?', '?>'), $str); + } + /* * Compact any exploded words * -- cgit v1.2.3-24-g4f1b